Open Agent
Container

Open Agent Container (OAC)

This chapter explains the Open Agent Container (OAC) environment and its installation in Cisco Nexus 7000 Series Switches.
OAC is a 32-bit CentOS 6.7-based container that specifically allows open agents, such as the Chef and Puppet to run on these
platforms.

Information About Open Agent Container

From Cisco NX-OS 7.3(0)D1(1), the Cisco Nexus 7000 Series Switches and Cisco Nexus 7700 Switches support open agents, such
as Chef and Puppet.

However, open agents
cannot be directly installed on these platforms. Instead, they run in a special
environment—a decoupled execution space within a Linux Container (LXC)—called
the Open Agent Container (OAC). Decoupling the execution space from the native
host system allows customization of the Linux environment to suit the
requirements of the applications without impacting the host system or
applications running in other Linux containers.

The OAC is a 32-bit CentOS 6.7-based environment that provides a server-like experience to users. This means that after installation
and first activation, users are responsible for setting up the DNS information in the /etc/resolv.conf or providing host information
in the /etc/hosts, etc. as is done on any regular Linux system.

Note

At a given point in time, OAC is supported in only one VDC.

By default, networking in the OAC is performed in the default routing table instance. Any additional route that is required
(for example, a default route) must be configured in the native switch console and should not be configured using the CentOS
commands. To use a different routing instance (for example, the management VRF), use the following commands:

To get a bash shell in
the management VRF, run the
chvrf
management command.

To pass the VRF context to the specific command without changing the VRF instance in the shell, run the chvrf management cmd command.

Note

The OAC occupies up to 256 MB of RAM and 400 MB of bootflash when enabled.

From within the OAC, the network administrator can perform the following functions:

Access the network over Linux network interfaces.

Access the device's volatile tmpfs.

Access the device CLI using the dohost command.

Access Cisco NX-API.

Install and run Python scripts.

Install and run 32-bit Linux applications.

Enabling OAC on your Switch

Installing and Activating Open Agent Container

The Open Agent Container (OAC) application software is packaged into a file with a .ova extension (OVA file, which will be
hosted at the same location as the Cisco NX-OS images in the CCO directory and on GitHub). This package must first be copied
to a location on the device using the copy scp: : command before it is installed on the device. The install keyword extracts the OVA file, validates the contents of the file, creates a virtual service instance, and validates the
virtual machine definition file in XML. You do not have to copy configurations to the startup configuration file of the device
to preserve the installation of the OVA file. After you download the oac.ova file to your device, install and activate the
OAC. You can install a different OVA file on the active and standby route processors. To install and activate OAC on your
device, perform the following.

Procedure

The media in which the package is located can be bootflash or any media, including a USB device.

Note

Use the show virtual-service list command to view the progress of the installation. After the installation is complete, a message is displayed on the console
informing you about the successful installation of the virtual service.

Step 2

After the installation is complete, enter global configuration mode and activate the virtual service:

switch# configure terminal

Step 3

Enable the NX-API feature:

switch(config)# feature nxapi

Communication between the Puppet and Chef agents and the Cisco Nexus devices is achieved using the NX-APIs.

Step 4

Configure the virtual service and enter virtual service configuration mode:

switch(config)# virtual-service name

Step 5

Activate the configured virtual service:

switch(config-virt-serv)# activate

Note

To deactivate the virtual service, use the no activate command in virtual service configuration mode.

Step 6

Return to privileged EXEC mode:

switch(config-virt-serv)# end

Example

The following
example shows how to install and activate the OAC in your Cisco NX-OS device.
This is followed by the verification command that displays the details of the
installed and configured virtual service.

Connecting to the Open Agent Container

To connect to the virtual service environment, use the virtual-service connect name virtual-service-nameconsole command in privileged EXEC mode. In this case, the virtual environment we previously configured is the OAC.

switch# virtual-service connect name oac console

To access the OAC environment, use the following credentials:

username: root ,

password: oac .

When you access the OAC environment for the first time, you will be prompted to reset your password immediately. Follow the
instructions to reset your password. After you reset your password, you will have access to the OAC environment.

Note

Press Ctrl-C thrice times to terminate the connection to the OAC and return to the switch console.

Verifying the
Networking Environment Inside the Open Agent Container

To ensure that you can
install open agents on your switch directly from the Internet, verify the
networking environment within the configured OAC.

Procedure

Step 1

Edit the /etc/resolv.conf to point to a DNS server.

The default servers are OpenDNS Public DNS (208.67.222.222 and 208.67.220.220).

Step 2

Make sure that
you set the correct time in the container. You can set up the Network Time
Protocol (NTP) on the host inside the VSH. The time from the host will
automatically be synchronized with the OAC.

Step 3

If your switches are behind a firewall without direct connectivity to the internet use a proxy server.

Step 4

(Optional) Inside the container, set up http_proxy and https_proxy to point to your proxy server.

export http_proxy=<your-http-proxy>

export https_proxy=<your-http-proxy>

Upgrading Open Agent Container

If there is a new OVA available, you can upgrade the existing installation by using the virtual-service upgrade name virtual-service-name package package-location-media command in privileged EXEC mode. To upgrade to a new OVA, you must first deactivate the existing OVA by using the no activate command in virtual service configuration mode.

Caution

After you upgrade, you will lose all the changes and configurations made in the earlier version of the OAC. You will have
to start afresh in the new OAC environment.

Uninstalling Open Agent Container

Before you begin

To uninstall the OAC from the Cisco NX-OS device, deactivate the OAC first.

Procedure

Step 1

Enter global configuration mode and deactivate the virtual service:

switch# configure terminal

Step 2

Enter virtual service configuration mode:

switch(config)# virtual-service virutal-service-name

Step 3

Deactivate the configured virtual service:

switch(config-virt-serv)# no activate

Step 4

Exit to global configuration mode:

switch(config-virt-serv)# exit

Step 5

Disable the configured virtual service:

switch(config)# no virtual-service virtual-service-name

Step 6

Exit to privileged EXEC mode:

switch(config)# exit

Step 7

Uninstall the virtual service:

switch# virtual-service uninstall name virtual-service-name

Note

Use the show virtual-service list command to view the progress of the uninstallation. After the uninstallation is complete, you will see a message on the console
about the successful uninstallation of the virtual service.

Example:

The following example shows you how to deactivate and uninstall the OAC from your Cisco NX-OS device: